# == class: swift::proxy::tempauth
# This class manages tempauth middleware
#
#  [*reseller_prefix*]
#    The naming scope for the auth service. Swift storage accounts and
#    auth tokens will begin with this prefix.
#    Optional. Defaults to 'undef'
#    Example: 'AUTH'.
#
#  [*auth_prefix*]
#    The HTTP request path prefix for the auth service. Swift itself
#    reserves anything beginning with the letter v.
#    Optional. Defaults to 'undef'
#    Example: '/auth/'
#
#  [*token_life*]
#    The number of seconds a token is valid.
#    Optional. Integer value. Defaults to 'undef'.
#    Example: 81600
#
#  [*allow_overrides*]
#    Allows middleware higher in the WSGI pipeline to override auth
#    processing
#    Optional. Boolean. Defaults to 'undef'
#    Example: true
#
#  [*storage_url_scheme*]
#    Scheme to return with storage urls: http, https, or default
#    Optional. Possible values: http, https or default. Defaults to 'undef'
#
#  [*account_user_list*]
#    List all the accounts/users you want in an array of hash format.
#    'user' and 'account' should not include '_' (TODO).
#    Defaults to:
#      account_user_list => [
#        {
#          'user'    => 'admin',
#          'account' => 'admin',
#          'key'     => 'admin',
#          'groups'  => [ 'admin', 'reseller_admin' ],
#        }
#      ]
#
#    Example of two account/user:
#      account_user_list => [
#        {
#          'user'    => 'admin',
#          'account' => 'admin',
#          'key'     => 'admin',
#          'groups'  => [ 'admin', 'reseller_admin' ],
#        },
#        {
#          'user'    => 'foo',
#          'account' => 'bar',
#          'key'     => 'pass',
#          'groups'  => [],
#        },
#      ]
#
#    it will generate these lines
#      user_admin_admin = admin .admin .reseller_admin
#      user_bar_foo = pass
#
# == Authors
#
#   Guilherme Maluf Balzana <guimalufb@gmail.com>
#
class swift::proxy::tempauth (
  # The default is a single admin/admin account with key 'admin' in the
  # admin and reseller_admin groups; pass your own list to replace it.
  $account_user_list  = [
    {
      'user'    => 'admin',
      'account' => 'admin',
      'key'     => 'admin',
      'groups'  => [ 'admin', 'reseller_admin' ],
    },
  ],
  $reseller_prefix    = undef,
  $auth_prefix        = undef,
  $token_life         = undef,
  $allow_overrides    = undef,
  $storage_url_scheme = undef,
) {

  include swift::deps

  validate_legacy(Array, 'validate_array', $account_user_list)

  if ($reseller_prefix) {
    validate_legacy(String, 'validate_string', $reseller_prefix)
    $reseller_prefix_upcase = upcase($reseller_prefix)
  } else {
    # Keep the variable defined (as undef) so strict_variables does not fail.
    $reseller_prefix_upcase = $reseller_prefix
  }

  if ($token_life) {
    validate_legacy(Integer, 'validate_integer', $token_life)
  }

  if ($auth_prefix) {
    validate_legacy(Pattern[/\/(.*)+\//], 'validate_re', $auth_prefix, ['\/(.*)+\/'])
  }

  if ($allow_overrides) {
    validate_legacy(Boolean, 'validate_bool', $allow_overrides)
  }

  if ($storage_url_scheme) {
    validate_legacy(Enum['http', 'https', 'default'], 'validate_re',
      $storage_url_scheme, [['http', 'https', 'default']])
  }

  swift_proxy_config {
    'filter:tempauth/use':                value => 'egg:swift#tempauth';
    'filter:tempauth/reseller_prefix':    value => $reseller_prefix_upcase;
    'filter:tempauth/token_life':         value => $token_life;
    'filter:tempauth/auth_prefix':        value => $auth_prefix;
    # allow_overrides was validated above but never written to the config.
    'filter:tempauth/allow_overrides':    value => $allow_overrides;
    'filter:tempauth/storage_url_scheme': value => $storage_url_scheme;
  }

  # tempauth account_users end up in the following format
  # user_<account>_<user> = <key> .<group1> .<groupx>
  # ex: user_admin_admin=admin .admin .reseller_admin
  # account_data is an array with each element containing a single account string:
  # ex [user_<account>_<user>, <key> .<group1> .<groupx>]
  # The continuation lines below stay at column 0: they are inside the string.
  if $account_user_list {
    $account_data = split(inline_template(
      "<% @account_user_list.each do |user| %>\
user_<%= user['account'] %>_<%= user['user'] %>,\
<%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %> ; <% end %>"),';')

    # write each tempauth account line to file
    # TODO replace/simplify with iterators once all supported puppet versions support them.
    swift::proxy::tempauth_account { $account_data: }
  }
}
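
The class builds each account record by joining fields with `,`, separating records with `;`, and encoding account and user into one `user_<account>_<user>` name, so field values that contain those characters produce records that no longer parse the way they were written. The following Ruby lint for `account_user_list` is an added example, not part of the module; the helper names (`lint_entry`, `lint_list`, `render_line`) and the third sample entry are assumptions made for illustration.

```ruby
# Added example: lint for the account_user_list parameter (helper names are hypothetical).
DEFAULT_ENTRY = { 'user' => 'admin', 'account' => 'admin', 'key' => 'admin',
                  'groups' => %w[admin reseller_admin] }.freeze

# Findings for one entry; an empty array means the entry is clean.
def lint_entry(entry)
  groups = Array(entry['groups'])
  findings = []
  %w[user account key].each do |field|
    findings << "#{field} is empty" if entry[field].to_s.empty?
  end
  %w[user account].each do |field|
    # user_<account>_<user> cannot be parsed back unambiguously if a part has '_'
    findings << "#{field} contains '_'" if entry[field].to_s.include?('_')
  end
  # The class joins name and value with ',' and separates records with ';'
  all = %w[user account key].map { |f| entry[f].to_s } + groups
  findings << "field contains ',' or ';'" if all.any? { |v| v.match?(/[,;]/) }
  # <key> and the .<group> tokens are space-separated in the rendered value
  findings << 'key or group contains whitespace' if ([entry['key'].to_s] + groups).any? { |v| v.match?(/\s/) }
  findings << 'entry is the class default admin/admin/admin' if entry == DEFAULT_ENTRY
  findings
end

# Map of list index => findings, for entries that have any.
def lint_list(list)
  list.each_with_index.map { |e, i| [i, lint_entry(e)] }.reject { |_, f| f.empty? }.to_h
end

# The line the class documents for an entry: user_<account>_<user> = <key> .<group>...
def render_line(entry)
  value = ([entry['key']] + Array(entry['groups']).map { |g| ".#{g}" }).join(' ')
  "user_#{entry['account']}_#{entry['user']} = #{value}"
end

# Constructed sample input: the default, the page's second example, and a bad entry.
SAMPLE = [
  DEFAULT_ENTRY,
  { 'user' => 'foo', 'account' => 'bar', 'key' => 'pass', 'groups' => [] },
  { 'user' => 'svc_backup', 'account' => 'ops', 'key' => 'a;b', 'groups' => ['admin'] }
].freeze

if __FILE__ == $PROGRAM_NAME
  lint_list(SAMPLE).each { |i, f| puts "entry #{i}: #{f.join('; ')}" }
  SAMPLE.each { |e| puts render_line(e) if lint_entry(e).empty? }
end
```

Run it against the hash list before it is handed to the class, for example on data loaded from Hiera, and fail the pipeline when `lint_list` returns anything.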